Managing a School Filtering Policy

Transcription

1 Managing a School Filtering Policy Considerations and Guidance for Schools and Educational Settings when Managing a Filtering Policy March 2014

2

3 CONTENTS MANAGING A SCHOOL FILTERING POLICY... 1 E-SAFETY AND FILTERING CONSIDERATIONS... 2 CASE STUDY EXAMPLES... 5 CASE STUDY CASE STUDY CASE STUDY DEVELOPING A WHOLE SCHOOL E-SAFETY APPROACH... 8 POLICES AND PRACTISE... 9 INFRASTRUCTURE AND TECHNOLOGY EDUCATION AND TRAINING STANDARDS AND INSPECTION MANAGING A FILTERING POLICY: CONSIDERATIONS FOR HEAD TEACHERS, SLT AND GOVERNING BODIES RISK ASSESSING ONLINE TOOLS AND WEBSITES RISK ASSESSMENT TEMPLATE FOR THE USE OF WEB TOOLS AND TECHNOLOGY IN THE CLASSROOM SUMMARY OF RISK ASSESSMENT DECISION KEY ISSUES AND ACTION REQUIRED RISK ASSESSMENT CHECKLIST RISK ASSESSMENT TEMPLATE FOR THE USE OF WEB TOOLS AND TECHNOLOGY IN THE CLASSROOM ACTION PLAN FOR THE USE OF WEB TOOLS AND TECHNOLOGY IN THE CLASSROOM USEFUL RESOURCES FOR SCHOOLS TO USE E-SAFETY INCIDENT FORM SAMPLE LETTER TO REPORT A FILTERING BREACH RESPONDING TO AN INCIDENT OF CONCERN: FILTERING BREACH MANAGING A FILTERING POLICY: AUDIT TOOL FURTHER ADVICE AND GUIDANCE FOR EDUCATIONAL SETTINGS TO SIGN UP ACKNOWLEDGEMENTS... 35

4

5 Managing a School Filtering Policy This document aims to help schools and educational settings consider safe practice in order to protect staff, pupils and the wider community when establishing their filtering policy. The internet enables teacher and learners to access excellent tools which enhance and enrich teaching and learning and can provide exciting and new opportunities for schools to engage and communicate and collaborate with pupils and the wider community. The positive use of the internet Information and Communication Technology (ICT) within schools and settings for curriculum enhancement and learning is encouraged. However it is essential that use of the internet and technology is carefully considered in advance, in order to ensure all members of the school community are kept safe. With the new KCC filtering solution in place, schools can manage their own individual filtering block and allow lists without affecting other schools. This will enable schools to have greater control over the tools they choose to use within the school and classroom. Administrators or other staff members will be able to quickly make simple changes to their filtering policy to block or allow websites as required. The Schools Broadband service desk can also create time based filtering policies on behalf of a school to allow access to appropriate games sites at lunch times or relax access to non-educational sites for afterschool clubs or community groups. If schools opt to manage their own filtering policy then they will need to understand that the responsibility of safe usage by pupils and staff will be held by the Head Teacher and Governing body. It is essential that schools are aware of the possible dangers, make appropriate changes to policy and the school ethos and accept the responsibility entailed. This document aims to give schools who wish to manage their own policy advice and guidance to ensure safe practise is developed and to help protect children and young people in Kent. This document has been adapted from Using Social Media and Technology in Educational Settings which was written by the Kent e-safety Strategy Group which comprises multi-agency professionals from across the Kent children s workforce. March EiS Kent

6 e-safety and Filtering Considerations In today s society, children, young people and adults interact with technologies such as mobile phones, games consoles and the Internet on a daily basis and experience a wide range of opportunities, attitudes and situations. The exchange of ideas, social interaction and learning opportunities involved are greatly beneficial to all, but can occasionally place children, young people and adults in danger. e-safety covers issues relating to children and young people as well as adults and their safe use of the Internet, mobile phones and other electronic communications technologies, both in and out of school. It includes education for all members of the school community on risks and responsibilities and is part of the duty of care which applies to everyone working with children. Schools and other settings must decide on the right balance between controlling access to the internet and technology, setting rules and boundaries and educating students and staff about responsible use. Schools must be aware that children and staff cannot be completely prevented from being exposed to risks both on and offline. Children should be empowered and educated so that they are equipped with the skills to make safe and responsible decisions as well as to feel able to report any concerns. However it is also essential that filtering is managed by the school to prevent children from being exposed to illegal and inappropriate content. Breaches of a filtering policy can and have led to civil, disciplinary and criminal action being taken against staff, pupils and members of the wider school community. It is crucial that all settings are aware of the offline consequences that online actions can have as well as their legal obligations to safeguard and protect children on and offline. Good e- Safety practice should be fully embedded across the establishment and regularly monitored by the SLT before schools and settings consider managing their own filtering. The use of which internet and related tools in the classroom are appropriate is a school decision to make and should, where possible, be based on a risk assessment approach. Many web tools will pose limited or no risk to children with the classroom, especially if they have been created for an educational purpose, however many schools opt to use tools which may not be aimed at use within the classroom such as some child focused chat or gaming sites or other social media tools. Schools should be able to clearly demonstrate the steps they have taken to identify and reduce any risks and that children s safety is always paramount. The school must ensure it has an up-to-date and accurate e-safety Policy prior to use and that the school behaviour and complaints policies have been updated accordingly. Schools and settings should have clearly defined policies in place which specify when and how the internet and technology be used and this should be outlined in Acceptable Use Policies which have been tailored for all stakeholders (pupils, staff, parents, visitors). An AUP should include appropriate boundaries for use as well as any sanctions. Schools and settings should always be mindful that, due to the global nature of the internet and the speed at which technology moves, online tools can very quickly change and content shared online can be distributed much further than intended. Risk cannot be 100% removed from any site or service so a clearly defined incident procedure which is understood by all members of the school (pupils and staff) is essential. EiS Kent March 2014

7 The school/setting will need to be aware of their responsibility to moderate content and to ensure that the policies and procedures are kept up-to-date. Schools should ensure they have up-to-date and appropriate training for every member of staff, as well as pupils, parents and carers. Schools/settings should have a designated e-safety lea/coordinator and an up-to-date e-safety Policy and AUP. Schools must be aware that children and staff cannot be completely prevented from being exposed to risks both on and offline. Children should be empowered and educated so that they are equipped with the skills to make safe and responsible decisions as well as to feel able to report any concerns. All members of staff need to be aware of the importance of good e-safety practice in the classroom in order to educate and protect the children in their care. Members of staff also need to be informed about how to manage their own professional reputation online and demonstrate appropriate online behaviours compatible with their role. Schools are advised to risk asses the use of Social Media tools and internet sites prior to use as part of the schools legal duties to comply with The Children's Act 1989, the Health and Safety at Work Act 1974 and the Management of Health and Safety at Work Regulations 1999 which makes it clear that all schools have a duty of care to ensure the safety and wellbeing of pupils and staff. Governing bodies of maintained schools must comply with the Education Act 2002 (section 175) and have regard to guidance issued by the Secretary of State. The DfE (now DfE) guidance Safeguarding children and safer recruitment in education, makes it clear that schools must provide a safe environment and take action to identify and protect any children or young people who are at risk of significant harm It is recommended that schools and settings should complete a risk assessment for the communication tool/site/technology prior to its use in the classroom as part of their legal duty of care towards pupils. In a recent report published by Ofsted in September 2011 "Safeguarding Schools: best practise" it was noted by Ofsted that a common weakness found in schools judged to be inadequate was that they failed to carry out robust risk assessments. Ofsted felt that schools judged to be Outstanding were common in their approach to their safeguarding responsibilities:"...complies with requirements and often move beyond them; it is not seen as a burden but as a reasonable and essential part of the fabric of the school; it pays attention to the meticulous and systematic implementation of policies and routines; it involves every member of the school community in some way; and it has a sharp eye on the particular circumstances and needs of all pupils, especially the most vulnerable." For more information on this report, please see the Further Advice and Guidance section. The decision about using certain online tools such as social media sites or communication tools (e.g. blogs, wikis, social networking, gaming, chat rooms, instant messaging, video sharing, image sharing etc.) should be made as a school and requires the full support and backing of the Senior Leadership Team and Governing Body. The use of any website in the classroom must also be in accordance with the sites terms and conditions such as age restrictions or terms of use (for example some sites and services are only free for home use and use in the classroom could contravene this) and staff should be careful to not promote or advocate the underage use of any sites. March EiS Kent

8 Sites which allow interaction with unregulated users (e.g. social networking, chat sites, gaming sites etc.) will require extra caution and a more detailed risk assessment when considering unblocking them for use within a school. This will need to consider the age, ability and understanding of the pupils as well as the school and staffs ability to safeguard children when using the website/tool and children s safety must always be the priority. Schools must be aware that online tool or site are not 100% safe unless they are controlled and/or moderated by the school itself so risk assessments are essential when considering using online tools which allow any level of interaction. It is imperative that the Head Teacher and the Governing body are aware that filtering decisions made when controlling the school filtering policy are their responsibility and they could be held accountable if they have failed to safeguard members of the community by not taking all reasonable precautions. EiS Kent March 2014

9 Case Study Examples Managing a School Filtering Policy The following information details possible situations which could occur as a result of not considering a filtering policy carefully. These case studies have been made anonymous but are based on local incidents. These case studies could be used by SLT to consider their own approaches and processes to manage concerns if they were to occur in school. Case Study 1 Jo Smith is the head teacher of a small primary school. Jo has recently been informed of cyberbullying of year 6 pupils taking place on Facebook. Jo does not use Facebook and does not know how the site works. Jo instructs the school ICT technician to unblock the site and requests the year 6 teacher to do some work in class around e-safety and specifically look at the safe use of Facebook. After the activity, a parent complains that her 11 year old child now has a Facebook account, which the child set up during the lesson and has continued to use the site in school. The parent is unhappy that her child has an account as the age limit for Facebook is set to 13 and has been using the site at school to talk to strangers who she has added as friends. She feels the school has acted irresponsibly and is lodging a formal complain with the Chair of Governors as she feels the school has endangered her child s safety. Suggested Actions: Headteachers need to be aware of the schools e-safety ethos and ensure that all members of staff are aware and educated about e-safety. The SLT should be aware of their legal responsibilities in regards to safeguarding children. The Head needs to look at the school policy around cyberbullying and education and advice given to pupils and parents. Facebook should not have been unblocked without very careful consideration from SLT and a risk assessment should have taken place prior to the site being unblocked. Parental consent should have been obtained for all pupils involved (outlining the aims of the activity) prior to the lesson. Access to Facebook should have only been enabled for pupils for the specific lesson. The incident needs to be logged in the e-safety incident book and the school e- Safety Coordinator needs to evaluate current e-safety practise and implement any changes for the future (with SLT approval). March EiS Kent

10 Case Study 2 Sam is an ICT Technician in a Secondary school. He manages the schools filtering alone and only speaks to the school SLT when they have any questions about the system. Sam has signed a school Acceptable Use Policy but has not been included in any e-safety training as he is not a member of teaching staff. Sam decides he wants to unblock a gaming site for his lunch time ICT club as his nephew has told him how great it is. Sam normally supervises the pupils but is called away to deal with an ICT issue elsewhere in the school. At lunch one of the pupils plays a game where users are encouraged to stab and injure teachers and students in order to gain enough points to win the game. The pupil does not disclose this incident in school and sends the link to his friends. A member of staff overhears students talking about the game and informs the school e-safety Coordinator. Suggested Actions: The school needs to ensure SLT are aware of filtering changes and approve amendments. All members of staff need e-safety training and staff responsible for networks and systems may need closer supervision by SLT due to the nature of their role. If games sites are required to be used by students then they should be risk assessed prior to use and allowed during specified time frames (such as lunch time or after school) if the games are for recreational purposes. Students should be appropriately supervised by a member of staff which should take into account the age and ability of the student. Students should be made aware of acceptable behaviour online and consequences for misuse as part of a student Acceptable Use Policy. Students also need to be fully aware of the school procedures for reporting inappropriate content The incident needs to be logged in the e-safety incident book and the school e- Safety Coordinator needs to evaluate current e-safety practise and implement any changes for the future (with SLT approval). EiS Kent March 2014

11 Case Study 3 Managing a School Filtering Policy Ashley is a class teacher in a primary school. As part of her year 5 Geography project she is allowing the pupils to use the internet to find information and images. Ashley tells the pupils to use a search engine to find out facts about Asia. Ashley marks her work whilst the pupils use the laptops in pairs. Ashley notices a small group of pupils laughing and giggling and asks them if they are ok. The pupils say they are fine and return to their work. The following day a parent complains to the Headteacher that her child saw pornographic images yesterday at school. She says that her child was using Google images to search for Thailand and that the children were exposed to pornographic images. She demands an explanation and assurance that the incident won t happen again. Suggested Actions: All staff need to be aware of the schools expectations regarding internet use in the classroom The school should risk assess and pre-check the search engine to be used by pupils. The search engine used should be carefully considered according to the age and maturity of the pupils. Pupils must be appropriately supervised (depending on age and ability) when using the internet. Pupils (dependent on age and ability) require explicit instructions and guidance around which sites and search terms should be used. Pupils need to be made aware of the school procedures for reporting inappropriate content and a revision of the pupil Acceptable Use Policy may be required. If the pupils deliberately accessed the content then sanctions will be required. Parents need to be aware that no internet filtering is completely effective and that schools take serious any breaches and will investigate and manage appropriately this should be covered as part of the school Acceptable Use Policy and Home- School Agreement. The web site containing the image needs to be blocked (either by the school or reported to the schools broadband team). The incident needs to be logged in the e-safety incident book and the school e Safety Coordinator needs to evaluate current e-safety practise and implement any changes for the future (with SLT approval). March EiS Kent

12 Developing a Whole School e-safety Approach (Image courtesy of Becta, 'AUPs in Context: Establishing Safe and Responsible Online Behaviours' copyright Becta, 2009) Developing an effective e-safety ethos and culture within school is not an easy task, but the PIES model for limiting e-safety risks can provide schools with a very useful starting point. By developing effective policies and procedures, infrastructure and technology, education and training, and underpinning these approaches with standards and inspection, schools can develop an environment where pupils are able to benefit from a technology in a safe and responsible manner. EiS Kent March 2014

13 Polices and Practise Managing a School Filtering Policy Effective and embedded e-safety policies and practices can help to protect pupils and staff and promote safe and responsible use of technology across the school. As a minimum, schools should seek to embed the following: A detailed e-safety Policy (or e-safety measures and procedures are incorporated within other policies) outlining the school s ethos and approach. This should include detailed descriptions of safe behaviour and expectations from the school including descriptions of acceptable and unacceptable uses of technology and a procedure for recording e-safety incidents and actions. Some schools choose to embed their e- Safety policy in other documents such as a wider safeguarding policy. This should be developed with consultation from key stakeholders and be made available to ALL members of the school community. Guidance for schools around writing an e-safety Policy can be found at: A Designated Coordinator for e-safety. An e-safety co-ordinator is crucial to the process of developing and maintaining an e-safe culture within school and will act as a contact point for any concerns as well as coordinating the schools e-safety approach. This person does not need technical skills and should where possible be a member of the School Senior Leadership team with responsibilities as part of the wider child protection and safeguarding. Some schools have e-safety teams where stakeholders and staff with different roles and expertise work together to develop the school e-safety ethos. A security and data management policy which covers the schools legal requirements in respect to the Data Protection Act (DPA) For more information visit An embedded Acceptable Use Policy which gives all users a clear understanding of what they can and can t do. The AUP should be clear and concise, and written in a tone appropriate to the age and understanding of the users, detailing any sanctions for misuse. There will be a need to develop multiple versions of the AUP for different audiences, for example, pupils, staff, and parents/carers. Guidance for schools around writing an AUP can be found at A detailed procedure for responding to an e-safety Incident. The procedure should detail points of escalation to internal and external contacts and should be made available to all members of staff. Pupils and parents should also be informed of the procedure for reporting an e-safety concern to the school e.g. the name of the e-safety Coordinator. A sample flowchart Responding to an Incident of Concern can be found at March EiS Kent

14 Other policy and procedure considerations: When considering the use of social media tools as a school communication tool, it is recommended that SLT should read the document Using Social Media and Technology in Educational Settings to ensure additional safety considerations are made. All pupil s and members of staff should be aware of the school procedure of what to do if inappropriate content or messages are found, sent or received online before they access technology or the internet. This should be revisited and revised frequently. School provided devices and tools should always be used (e.g. work provided digital cameras, memory cards, laptops etc.) rather than staff personally owned equipment. Use of pupils personal devices should be carefully considered and discussed in the school e-safety and/or mobile phone policy. If pupils are required to use their own devices then the school should set clear boundaries and ensure pupils are aware of safe and acceptable use prior to the activity. It is also recommended that the school Senior Leadership Team is aware and approves of the use of pupils personal devices within the classroom. Infrastructure and Technology The technology and infrastructure schools use must be robust and secure in order to reduce the likelihood of pupils and staff encountering e-safety risks whilst on site. This may include the school utilising a set of security tools such as anti-virus software, antispam relays, firewalls, content filtering and network monitoring systems. Staff with responsibility for the technical networks should work alongside the SLT, e- Safety lead and curriculum staff to ensure that appropriate learning opportunities are not restricted by technical measures. Technical staff will need support from the SLT and regular training to remain up-to-date with e-safety issues. They should be clear about the school procedure to follow if they discover or suspect any e-safety incidents (particularly any illegal or suspected illegal activity) through monitoring of network activity. EiS Kent March 2014

15 Other infrastructure and technology considerations: Managing a School Filtering Policy It is essential that all members of staff are made aware that filtering alone is not sufficient in safeguarding children online. Filtering breaches can and will occur so it is important that staff and pupils are aware of the reporting process to follow should any incidents arise. Safe practise techniques should be encouraged as part of the e- Safety Policy and staff and pupils training. Internet filtering must be in place according to the schools requirements. This should be designed with both a technical and curriculum focus and should be agreed by the Senior Leadership Team. Schools should see risk assessing websites and technology as an essential part of their safeguarding procedures in order to comply with their legal duty of care towards staff and pupils. The school should ensure there is a security and data management policy in place which reflects the schools e-safety ethos and it is the Head Teachers responsibly to ensure the school complies with the DPA. For more information see KCC s Data Protection information and the information Commissioner s Office at: Schools can contact EiS to discuss any technical or security queries. See further advice section for contact details. The EIS IT Security Document Library can also be accessed here: Specific technical details about managing school filtering using Lightspeed Lunar Module can be found at Education and Training e-safety education and training is essential for all pupils, staff and parents/carers to help provide them with an awareness of e-safety issues and risks, and encourage safe and appropriate behaviours as well as developing strategies for managing any online dangers encountered. A successful e-safety education programme will be continuous across the school and curriculum and should seek to provide information about both the positives and risks of technology. The training should occur on a regular basis to reflect new and emerging technologies and should be delivered to all members of the school community. Training may also need to be refreshed as a response to any specific incidents and issues March EiS Kent

16 Other education and training considerations: Supervision in the classroom with technology must be appropriate to the children s needs and abilities. It is recommended that primary aged pupils should always be supervised by a member of staff. Supervision in the secondary or special school will vary according to the pupils understanding and ability but pupils must always have a level of adult supervision when using the internet which is decided by the SLT. Where possible, web content should be pre-checked for all ages. Internet searches and online activity with KS1 pupils should always be pre-checked and teacher directed. Age-appropriate search engines (e.g. CBBC Search: NEN Image Gallery: Pics4Learning: Quintura Kids: Ask Kids: Yahoo Kids: should be used by KS2 pupils and websites and search terms should be pre-checked with a dry-run before the lesson by the teacher. Please note no search engine is 100% safe and appropriate supervision and prechecks should always be carried out by staff prior to use. If schools wish to use sites such as Google, Bing, and YouTube etc. with pupils then they must ensure safe search filtering tools are applied (Lightspeed enforces safe search to Google and Bing but not YouTube). Schools must be aware that this only reduces (not removes) the possibility of accessing inappropriate content either accidentally or otherwise. Therefore the school must ensure that necessary processes are in place to respond to any filtering breaches. This would include policies and procedures for reporting unsuitable content (for pupils and staff), appropriate supervision and pre-checking of search terms as well as education for pupils about safe searching and online reliability prior to use. The Educational Video Library can be used to display YouTube videos in a safe setting, for more information All pupils should be taught age appropriate behaviours and safe searching techniques to support their learning. Even with school filtering in place, it is not guaranteed to be 100% effective and prior checks are essential. It is good practise for staff to evaluate websites before classroom use and staff should check the appropriateness of both the content and surrounding content. For example, if members of staff are using online video clips, they should ensure they are clear of any unsuitable content, including surrounding links and adverts. Staff should be aware that websites, search results etc. may be safe and appropriate one day but unsafe a day later. All members of the school community should be aware that filtering software is not always effective and cannot be relied on alone to safeguard children. Children with Special Educational Needs should be appropriately supported according to their specific needs and their personal understanding of the e-safety risks. All pupils and staff should understand how to critically evaluate online content. EiS Kent March 2014

17 All members of staff must be aware that, due to the ease of publishing information and content online, it is now very easy for staff to confuse writing in their capacity as a member of staff with sharing their own individual opinion. Staff must be aware that even as an individual, his/her actions could be criticized and seen as bringing a school into disrepute, especially if other users are aware of their role. This may have disciplinary, civil or even criminal consequences. It is crucial that all members of staff are made aware of the boundaries and professional practices online in order to protect their professional status. Staff should always remember that once content is shared online it is possible for it be circulated far wider than intended without consent or knowledge. School provided devices and tools should be used by staff (e.g. work provided digital cameras, memory cards, laptops etc.) rather than personally owned equipment, unless permission is given by SLT and any personal data (including images/videos) is removed from the device and stored on the school network before the device leaves the site. Standards and Inspection The monitoring and evaluation of e-safety standards are essential in ensuring a safe environment, and should occur on many levels. Schools leadership team and governing bodies should regularly review the school e- Safety approach in relation to any emerging issues both within the local context as well as to reflect national best practice. Schools should monitor and report on their e-safety provision and maintain logs of e-safety incidents, resulting outcomes and follow-up actions taken. Schools should also be working with the Local Safeguarding Children Board and Local Authority Safeguarding team to understand what is required of them in terms of the local approach to safeguarding children online. Schools should be aware of the important of safeguarding as part of the Ofsted inspection and consider how e-safety should be reflected and embedded as part of the wider safeguarding remit. March EiS Kent

18 Managing a Filtering Policy: Considerations for Head Teachers, SLT and Governing Bodies Head teachers, SLT and Governing Bodies should consider and enforce the following: Policies and Procedures Does the school have an up-to-date e-safety Policy? Does the policy cover expectations for safe use of technology in the classroom? Is there an incident reporting mechanism for reporting inappropriate content or unsafe behaviour online (by both staff and pupils) which is known by all members of the school community? Does the school log and record all e-safety incidents, including any actions taken? Has the e-safety Policy and the appropriate procedures been communicated to all members of the school community? Does the school have a designated lead for e-safety? Is this the most appropriate member of staff (considering e-safety is a safeguarding concern it is recommended that it is a member of the SLT). Is there an established and embedded up-to-date school Acceptable Use Policy (AUP)? o Has the AUP been signed by all members of staff? o Is there an AUP for visitors and pupils? o Has the AUP been discussed with both pupils and parents/carers? Does the school have clear rules/boundaries about safe and appropriate online behaviour, including sanctions, for staff and pupils? Is this included in the school behaviour policy? Is the school Senior Leadership Team involved and active in developing and establishing the school e-safety ethos? Infrastructure and Technology: Is there a nominated member of SLT who oversees the filtering policy? Are staff with access to the filtering system monitored and supported in their role by SLT? Has the school filtering policy been developed by curriculum and technical staff? o What changes will or can be made to reduce any risks? Has the filtering policy been approved by SLT? Are any changes to the filtering policy approved by SLT prior to implementation? EiS Kent March 2014

19 Education and Training: Do all members of staff receive up-to-date training on e-safety? Managing a School Filtering Policy Is there a process for including e-safety policies and procedures as part of the school induction process for all members of staff? Do all pupils have specific e-safety lessons targeted at their age group and ability across the curriculum? Are all members of staff proactive in respect of e-safety, by encouraging situations where they can model and discuss good online behaviour? Do the Governors understand the responsibilities they have for safeguarding, and to broadly understand e-safety issues? Is there a lead Governor for e-safety? Does the school seek to support parents/carers in understanding how to minimise risks within their own families and with the ICT tools they have available in their homes? Does the school communicate the e-safety policy and ethos in a variety of channels? Do parents know who to contact in school if they have an e-safety concern? Standards and inspection: Do the SLT and the Governing body review AUPs / e-safety policies annually (at least)? Do the SLT and the Governing body monitor the impact of the school e-safety policy and procedures? Do the SLT and the Governing body revise the e-safety policy and school practice where necessary (such as after any incidents of concern)? Do the SLT and the Governing body work with the Local Safeguarding Children Board March EiS Kent

20 When considering making a change to the filtering policy schools should consider the following: Has a clear education need been identified for the site being considered for unblocking? Has the school read and followed guidance identified in the Using Social Media and Technology in Educational Settings document? Have websites and tools been risk assessed prior to use to identify any safety concerns? o Has a risk assessment been completed with both a technical and curriculum perspective? o Have appropriate measures been taken to reduce any risks identified? o Has the risk assessment been approved by a member of SLT? o Has the risk assessment considered the age, ability and understanding of the pupils as well as the school and staffs ability to safeguard children when using the website/tool? Have members of staff checked to ensure sites and tools used in the classroom are deemed appropriate to use for educational purposes? Note: If there is interaction with unregulated users (e.g. social networking, chat sites, gaming sites etc.) then extra caution and a more detailed risk assessment will be required. Has a member of staff checked to ensure that websites Terms and Conditions allow them to use the site in the classroom or for your required purpose, for example the site age appropriate. Risk Assessing Online Tools and Websites There are a number of statutory provisions that have a bearing on this area, either directly or indirectly. Please note that legislation and Government guidance in this area is constantly changing so it is recommended that Head Teachers visit to ensure content is up-to-date. Employers, school staff and others also have a duty under the common law to take care of pupils in the same way that a prudent parent would do so. A risk assessment is a careful examination of any activities that could, whether on or off site, cause harm to people so that schools can weigh up whether they have taken adequate precautions or should do more to prevent harm. All activities that could present a potential hazard to either pupils or staff should be risk assessed. The Management of Health and Safety at Work Regulations 1999 require employers to assess the risks arising from work activities to both employees and non-employees (e.g. students, visiting parents). A key requirement of the Management of Health and Safety at Work Regulations 1999 is that employers must carry out risk assessments to eliminate or reduce risks. Employers with five or more employees need to record the significant findings of a risk assessment - it is not necessary to record risk assessments for trivial or insignificant risks. In addition, employers also need to: EiS Kent March 2014

21 make arrangements for implementing the health and safety measures identified as necessary by risk assessments monitor and review those arrangements appoint people with sufficient knowledge, skills, experience and training to help them to implement these arrangements set up emergency procedures and provide information about them to employees provide clear information, supervision and training for employees and ensure that suitably competent people are appointed who are capable of carrying out the tasks entrusted to them Legal action for negligence against schools is likely to be successful if the school has not taken care of a child in a way that a prudent parent would have done and as a result, the child has been injured and the injury was a foreseeable consequence. Risk assessing websites and tools is an essential process for schools and settings to develop safe and appropriate practice in the classroom and help to protect staff and students, especially if they allow pupils to share information or to communicate globally. Risk assessments should be carried out prior to using any tool or technology in the classroom as part of the schools legal responsibilities to safeguard pupils and staff. The following content has been taken from Using Social Media and Technology in Educational Settings, Kent County Council e-safety Strategy Group and has been provided as an illustration. Schools are encouraged to develop and use their own risk assessment tools. March EiS Kent

22 Risk Assessment Template for the use of Web Tools and Technology in the Classroom Site/Service: Brief Description of Service: Purpose Summary of Risk Assessment Decision Risk Staff Early Years KS1 KS2 KS3 KS4 16+ General Privacy, Data Security Content Suitability and Age limits Communication Filter site? Y/N Y/N Y/N Y/N Y/N Y/N Y/N Key Issues and Action Required Risk Identified Action Taken Action by Date EiS Kent March 2014

23 Risk Assessment Checklist Carried out by: Role: Date: Yes No Further information General Considerations Endorsed by recognised authority for education use Service has good reputation for dealing with concerns SLT Approval Documented in School Policies and procedures Whole School e-safety training provided Privacy and Data Security Registration of users required? Anonymous registration possible? User posts attributed to real, verified identities? Service can be administrated by staff Minimum age is suitable for the setting? Privacy tools Personal Data Collected Logs Data Personal Data Collected Address Personal Data Collected Address/Phone numbers Personal Data Collected IP Address Personal Data Collected Cookies (Sessional or persistent) Personal Data Collected Data sharing with other services March EiS Kent

24 Content Suitability High Bandwidth Internet radio/tv High Bandwidth Internet telephony High Bandwidth File sharing High Bandwidth Personal Storage High Bandwidth Streaming Media Adult Material Advertising Material Dating/Personal Weapons Promotion of drugs, alcohol, tobacco etc Promotion of violence, hatred, racism etc Promotion of gambling Promotion of extremist organisations Promotion of Illegal Activity Promotion of computer misuse Other inappropriate content EiS Kent March 2014

25 Communication Moderated by CRB Checked Adult Teacher/staff admin controls Age banding/tools provided Communication between pupils (within school) Communication between pupils (outside of school) Child to teacher communication allowed Unverified users present Possibility of Cyberbullying? Other Considerations Key: High risk identified: Unsuitable to use Risk Identified: Action required/proceed with caution Limited risk March EiS Kent

26 Risk Assessment Template for the use of Web Tools and Technology in the classroom Date: Assessed by: Checked/Validated* by: Purpose: Website/Technology: Audience: Review date: Hazard Who might be harmed & how Existing measures to control risk Risk rating Result and actions needed to be taken Age Restrictions Membership verification Privacy/Profile Settings File Uploads Collaborative Tools Search Options Content and Design Advertisements March EiS Kent

27 Hazard Who might be harmed & how Existing measures to control risk Risk rating Result and actions needed to be taken Content Ownership Adult Content Moderation of site Safety and bullying Report abuse or content Privacy Policy Terms of Use Deleting and Controlling accounts Parental Consent Other EiS Kent March 2014

28 Action Plan for the use of Web Tools and Technology in the classroom Date: Assessed by: Checked/Validated* by: Website/Technology: Audience: Review date: Purpose: Action plan: Hazard Further action required Action by whom Action by when Done March EiS Kent

29 Useful Resources for Schools to use Managing a School Filtering Policy The following pages contain sample documents and letters which schools may wish to use. Sample Filtering log/e-safety recording log Sample letter for parents to report a filtering breach Sample Incident Flowchart for filtering breaches including escalation details e-safety Incident Form Date/time: Child and/or Workstation name (if appropriate): Incident or concern raised: Action Taken: Member of staff (please print name): Signed: e-safety Coordinator: Signed: EiS Kent March 2014

30 Sample Letter to report a filtering breach Name of child: Class: Date: Dear Parents, Children in school participate in supervised ICT activities which involve use of the internet. This may be using an approved search engine to gather information from suitable websites or accessing specific directed web based activity sites. Strong filters are applied to the school network to minimise the risk of children accessing unsuitable material and these are extremely effective. However, they are not infallible and today when using the internet your child accessed some inappropriate material as outlined below. Incident details: Your child is aware of the precautions they should take when using the internet and we are satisfied that they were accessing information online in an appropriate way. There was little that could have been done to prevent this from happening. The adult(s) supervising this ICT activity has spoken to your child about the incident. We would like to apologise for the failure of the filter in preventing your child being exposed to inappropriate material. Please be assured that we are continually updating our procedures and security measures to ensure that these incidents are not regular occurrences. Yours sincerely, Head Teacher March EiS Kent

31 If a child is at immediate risk Inform the Designated Child Protection Co-ordinator & follow the schools child protection procedures Consult with the Children s Safeguarding Unit (CSU) Contact Kent Police (999) urgently if there is immediate danger Children Safeguard s Unit (CSU) and speak to a Local Children s Officer. e-safety Officer - esafetyofficer@kent.gov.uk Kent Police (switchboard) ask to speak to the Public Protection Unit for your area and/or your Safer School Partnership Co-ordinator Child Exploitation and Online Protection Centre (CEOP) Illegal Activity or Material found or suspected Unsure Inappropriate Activity or Material Content Activity Consult with CSU or e-safety Officer Activity Content Contact CSU or e-safety Officer Report to IWF ( ) and/or Kent Police Child Staff Child Staff Report to filtering manager and/or SB Service Desk Report to CST and Kent Police Report to CEOP Child protection procedures and/or criminal action Staff allegations procedures and/or criminal action Possible School Actions: Sanctions PSHE/Citizenship Restorative justice Anti-bullying Parental work School support e.g. counselling, peer mentoring Request support/advice from e-safety Officer Possible School Actions: Staff training Disciplinary action Restorative Justice School support e.g. counselling Request support/advice from e-safety Officer Review school s e-safety policies and procedures, record actions in e-safety log and implement any changes for the future Details Details Details Details Details Info goes here EiS Kent March 2014

32 Responding to an incident of Concern: Filtering breach Adapted from Becta: AUPs in Context (2009) Filtering Concern Inappropriate Content Illegal Content Suspected Report to School e-safety Coordinator and/or KCC e- Safety Officer If pupil: review incident and decide on appropriate action, including sanctions if deliberate breach Block Site If staff: review incident and decide on appropriate action, including disciplinary measures if deliberate breach Illegal Activity Illegal Content Child at risk Report to Kent Police (101 and speak to Public Protection Unit or Child Exploitation Investigation team) & Children s Safeguard Team Report to Kent Police, Children s Safeguard Team (CST) & Internet Watch Foundation: Secure and preserve evidence in accordance to recommendations Report to Kent Police and CEOP If immediate risk of harm Debrief incident and review schools e- Safety tools, policies and practise Revisit education and training, implement changes and inform the community If no illegal activity or material is found revert to usual disciplinary procedures Await Police/CST/IWF/CEOP response If illegal activity is found then allow the police or relevant authority to complete investigation. Seek advice from Children s Safeguards Team on treatment of offender/victim. Any allegations against staff should be reported to CST Record in cident in e- Safety Incident log. Monitor situation and implement any changes required For more information regarding managing and reporting illegal content please visit March EiS Kent

33 Managing a Filtering Policy: Audit Tool Yes, No or Partially Action Required Lead SLT member Policies and Procedures Does the school have an up-to-date e-safety Policy? Does the e-safety policy cover expectations for safe use of technology in the classroom and has this been communicated to all members of staff Is there an incident reporting mechanism for reporting inappropriate content or unsafe behaviour online (by both staff and pupils) which is known by all members of the school community? Does the school log and record all e-safety incidents, including any actions taken? Has the e-safety Policy and the appropriate procedures been communicated to all members of the school community? Does the school have a designated lead for e-safety and is this the most appropriate member of staff? Is there an established and embedded up-to-date school Acceptable Use Policy (AUP)? Has the AUP been signed by all members of staff? Is there an AUP for visitors and pupils? EiS Kent March 2014

34 Have the AUP been discussed with both pupils and parents/carers? Does the school have clear rules/boundaries about safe and appropriate online behaviour, including sanctions, for staff and pupils? (Is this included in the school behaviour policy?) March EiS Kent

35 Infrastructure and Technology Is there a nominated member of staff (a member of SLT) who oversees the filtering policy? Are staff with access to the filtering system monitored and supported in their role by SLT? Has the school filtering policy been developed by curriculum and technical staff? What changes will or can be made to reduce any risks? Has the filtering policy been approved by SLT? Are any changes to the filtering policy approved by SLT prior to implementation? Have websites and tools been risk assessed prior to use to identify any safety concerns and to decide if the site is suitable for use within the school? Has the risk assessment been completed with both a technical and curriculum perspective Has the risk assessment been seen and approved by SLT? Have appropriate measures been taken to reduce any risks identified? Have members of staff checked to ensure sites and tools used in the classroom are deemed appropriate to use for educational purposes? EiS Kent March 2014

36 Education and Training Do all members of staff receive up-to-date training on e- Safety? Is there a process for including e-safety policies and procedures as part of the school induction process for all members of staff? Do all pupils have specific e-safety lessons targeted at their age group and ability across the curriculum? Are all members of staff proactive in respect of e-safety, by encouraging situations where they can model and discuss good online behaviour? Do the Governors understand the responsibilities they have for safeguarding, and to broadly understand e-safety issues? (Have the school got a lead Governor for e-safety or is in incorporated as part of the safeguarding Governors remit) Does the school seek to support parents/carers in understanding how to minimise risks within their own families and with the ICT tools they have available in their homes? Does the school communicate the e-safety policy and ethos in a variety of channels? Do parents know who to contact in school if they have an e-safety concern? March EiS Kent